ComboFix 12-12-17.02 - Christopher M 12/17/2012 16:24:41.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1866 [GMT -5:00] Running from: c:\users\Christopher M\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe c:\users\Christopher M\AppData\Roaming\vso_ts_preview.xml . . ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 ))))))))))))))))))))))))))))))) . . 2012-12-17 21:29 . 2012-12-17 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-17 19:53 . 2012-12-17 19:53 -------- d-----w- C:\_OTL 2012-12-17 09:42 . 2012-12-17 09:42 208216 ----a-w- c:\windows\system32\drivers\58398600.sys 2012-12-17 00:22 . 2012-12-17 00:23 -------- d-----w- c:\program files\GIMP 2 2012-12-16 22:09 . 2012-12-16 22:09 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-12-16 22:09 . 2012-12-16 22:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-12-16 05:05 . 2012-12-16 05:05 -------- d-----w- c:\program files\TeamSpeak 3 Client 2012-12-15 18:44 . 2012-12-16 07:29 -------- d-----w- C:\Temp 2012-12-15 08:46 . 2012-12-15 08:46 -------- d-----w- c:\users\Mcx1-EVGAPOS780I 2012-12-14 08:03 . 2012-12-14 08:03 -------- d-----w- c:\programdata\Malwarebytes 2012-12-14 08:03 . 2012-12-14 08:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-14 08:03 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 14:55 . 2012-12-13 14:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-12-13 14:55 . 2012-12-13 14:55 -------- d-----w- c:\programdata\NVIDIA 2012-12-13 14:55 . 2012-11-18 13:09 890216 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-13 14:55 . 2012-11-18 13:09 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-12-13 14:55 . 2012-11-18 13:09 3603786 ----a-w- c:\windows\system32\nvcoproc.bin 2012-12-13 14:55 . 2012-11-18 13:09 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-13 14:55 . 2012-11-18 13:09 3311464 ----a-w- c:\windows\system32\nvsvc64.dll 2012-12-13 14:55 . 2012-11-18 13:09 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-13 14:55 . 2012-11-18 13:09 6223208 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-13 14:55 . 2012-12-13 14:55 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-12 00:18 . 2012-12-12 00:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-12-12 00:18 . 2012-12-12 00:18 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-12 00:18 . 2012-12-12 00:18 -------- d-----w- c:\programdata\Apple Computer 2012-12-12 00:17 . 2012-12-12 00:17 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-12-12 00:17 . 2012-12-12 00:17 -------- d-----w- c:\programdata\Apple 2012-12-12 00:17 . 2012-12-12 00:17 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-12-11 21:48 . 2012-12-11 21:48 -------- d-----w- c:\program files (x86)\Dxtory Software 2012-12-11 21:12 . 2012-10-04 17:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-12-11 21:11 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 21:11 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-11 21:11 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-11 21:11 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-11 21:10 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-11 21:10 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-11 21:06 . 2012-12-11 21:06 -------- d-----w- c:\programdata\FLEXnet 2012-12-11 21:01 . 2012-12-11 21:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2012-12-11 20:58 . 2012-12-11 21:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2012-12-11 20:58 . 2012-12-11 20:58 -------- d-----w- c:\program files\Autodesk 2012-12-11 20:58 . 2012-12-11 20:58 -------- d-----w- c:\program files (x86)\Autodesk 2012-12-11 20:57 . 2012-12-11 21:04 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared 2012-12-11 20:55 . 2012-12-11 21:10 -------- d-----w- c:\programdata\Autodesk 2012-12-11 02:17 . 2012-12-11 02:17 -------- d-----w- c:\program files\Ventrilo 2012-12-11 02:16 . 2012-12-11 02:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-12-11 02:15 . 2012-12-11 02:16 -------- d-----w- c:\program files\Logitech Gaming Software 2012-12-11 01:59 . 2012-12-11 01:59 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-12-11 01:59 . 2012-12-11 01:59 -------- d-----w- c:\program files\Logitech 2012-12-11 00:29 . 2012-12-11 17:50 -------- d-----w- c:\programdata\DriverGenius 2012-12-11 00:27 . 2012-12-11 00:27 -------- d-----w- c:\program files (x86)\Driver-Soft 2012-12-10 05:45 . 2012-12-10 05:45 -------- d-----w- c:\program files\Recuva 2012-12-08 16:23 . 2012-12-11 06:25 -------- d-----w- c:\program files (x86)\Stella 2012-12-08 16:18 . 2012-12-08 16:18 -------- d-----w- C:\2600 Manuals 2012-12-08 16:16 . 2012-12-08 16:16 -------- d-----w- c:\program files (x86)\WinterSolace.com 2012-12-08 16:11 . 2012-12-08 16:21 -------- d-----w- C:\2600 2012-12-08 06:27 . 2012-12-09 00:20 -------- d-----w- c:\program files (x86)\DVDFab 9 2012-12-07 22:10 . 2012-12-07 22:10 -------- d-----w- c:\program files (x86)\ImgBurn 2012-12-07 09:27 . 2012-12-07 09:27 -------- d-sh--w- c:\programdata\DSS 2012-12-07 08:21 . 2012-12-07 08:21 -------- d-----w- c:\program files\Microsoft Silverlight 2012-12-07 08:21 . 2012-12-07 08:21 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-12-07 07:45 . 2012-12-07 07:45 -------- d-----w- c:\program files (x86)\AMD 2012-12-07 07:43 . 2012-12-07 07:43 -------- d-----w- c:\programdata\dvdfab 2012-12-07 07:42 . 2012-12-07 07:42 -------- d-----w- c:\windows\SysWow64\xlive 2012-12-07 07:41 . 2012-12-07 07:42 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE 2012-12-06 19:14 . 2012-12-06 19:14 -------- d-----w- c:\programdata\SlySoft 2012-12-06 19:14 . 2012-12-06 19:14 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2012-12-06 19:13 . 2012-12-06 19:13 -------- d-----w- c:\program files (x86)\SlySoft 2012-12-05 00:07 . 2012-10-19 23:11 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-12-05 00:07 . 2012-10-19 23:10 60328 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll 2012-12-05 00:07 . 2012-10-19 23:10 35240 ----a-w- c:\windows\system32\LMIport.dll 2012-12-05 00:07 . 2012-08-24 19:41 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2012-12-05 00:07 . 2012-10-19 23:10 83880 ----a-w- c:\windows\system32\LMIinit.dll 2012-12-05 00:07 . 2012-12-17 21:20 -------- d-----w- c:\programdata\LogMeIn 2012-12-05 00:07 . 2012-12-05 00:07 -------- d-----w- c:\program files (x86)\LogMeIn 2012-12-04 14:07 . 2012-12-04 14:07 -------- d-----w- c:\programdata\RELOADED 2012-12-01 10:07 . 2012-12-01 10:07 -------- d-----w- c:\windows\Hewlett-Packard 2012-12-01 02:13 . 2012-12-01 02:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-12-01 02:12 . 2012-12-01 02:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-12-01 02:12 . 2012-12-01 02:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-12-01 02:12 . 2012-12-01 02:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-12-01 01:11 . 2012-12-01 01:11 -------- d-----w- c:\program files (x86)\2K Games 2012-11-30 04:55 . 2012-11-30 04:55 -------- d-----w- c:\programdata\Media Center Programs 2012-11-30 04:55 . 2012-11-30 05:09 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2012-11-29 21:32 . 2012-11-29 21:32 -------- d-----w- c:\program files\7-Zip 2012-11-29 02:48 . 2012-11-29 02:48 -------- d-----w- c:\program files (x86)\Games 2012-11-28 22:38 . 2012-11-28 22:38 -------- d-----w- c:\program files\Handbrake 2012-11-28 21:39 . 2012-11-28 21:39 -------- d-----w- c:\programdata\Razer 2012-11-28 21:39 . 2012-11-28 21:39 -------- d-----w- c:\program files (x86)\Razer 2012-11-28 05:17 . 2012-11-28 05:17 -------- d-----w- c:\programdata\Sony 2012-11-28 05:17 . 2012-11-28 05:17 -------- d-----w- c:\program files\Sony 2012-11-28 05:17 . 2012-11-28 05:17 -------- d-----w- c:\program files (x86)\Sony 2012-11-27 14:21 . 2012-11-27 14:21 275360 ----a-w- c:\windows\system32\DreamScene.dll 2012-11-27 14:21 . 2012-11-27 14:21 -------- d-----w- c:\windows\system32\WDSA 2012-11-27 00:02 . 2012-11-27 00:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-11-26 11:28 . 2012-11-26 11:28 -------- d-----w- c:\program files (x86)\Free FLAC to MP3 Converter 2012-11-26 05:28 . 2012-11-26 05:28 -------- d-----w- C:\Diskeeper 2012-11-25 11:31 . 2012-11-25 11:31 -------- d-----w- c:\program files (x86)\MSI Kombustor 2.4 2012-11-25 11:30 . 2012-12-16 23:21 -------- d-----w- c:\program files (x86)\MSI Afterburner 2012-11-25 01:45 . 2012-11-25 01:45 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-11-24 14:34 . 2012-11-24 14:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-11-24 14:29 . 2012-11-24 14:34 -------- d-----w- c:\program files\Common Files\Adobe 2012-11-24 11:32 . 2012-11-24 11:32 -------- dc----w- c:\windows\system32\DRVSTORE 2012-11-24 11:32 . 2011-02-14 07:04 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys 2012-11-24 11:32 . 2012-11-24 11:32 -------- d-----w- c:\programdata\Diskeeper Corporation 2012-11-24 11:32 . 2012-11-24 11:32 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation 2012-11-24 11:32 . 2012-11-24 11:32 -------- d-----w- c:\program files\Diskeeper Corporation 2012-11-24 11:17 . 2012-12-07 09:03 -------- d-----w- c:\program files\CCleaner 2012-11-24 11:03 . 2012-11-24 11:03 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7 2012-11-24 11:03 . 2012-11-24 11:03 -------- d-----w- c:\programdata\Babylon 2012-11-24 10:52 . 2012-11-24 11:12 -------- d-----w- c:\program files (x86)\AWS 2012-11-24 07:24 . 2012-11-24 07:24 -------- d-----w- c:\programdata\WEBREG 2012-11-24 07:22 . 2012-11-24 07:22 -------- d-----w- c:\programdata\HP Product Assistant 2012-11-24 07:22 . 2012-11-24 07:22 -------- d-----w- c:\program files (x86)\Common Files\HP 2012-11-24 07:22 . 2012-11-24 07:22 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard 2012-11-24 07:21 . 2012-12-01 10:07 -------- d-----w- c:\program files (x86)\HP 2012-11-24 07:21 . 2012-11-24 07:24 -------- d-----w- c:\programdata\HP 2012-11-24 07:21 . 2009-07-08 10:51 859136 ----a-w- c:\windows\system32\hpowiax4.dll 2012-11-24 07:21 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll 2012-11-24 07:21 . 2009-07-08 10:51 540672 ----a-w- c:\windows\system32\hppldcoi.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-20 15:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-11-20 15:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 04:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 04:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 04:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:40 . 2012-12-11 21:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-09-28 15:45 . 2012-09-28 15:45 246272 ----a-w- c:\windows\system32\rtvcvfw64.dll 2012-09-28 15:45 . 2012-09-28 15:45 247296 ----a-w- c:\windows\SysWow64\rtvcvfw32.dll 2012-09-21 19:09 . 2012-09-21 19:09 542568 ----a-w- c:\windows\SysWow64\LVUI2.dll 2012-09-21 19:09 . 2012-09-21 19:09 538472 ----a-w- c:\windows\SysWow64\LVUI2RC.dll 2012-09-21 19:09 . 2012-09-21 19:09 305000 ----a-w- c:\windows\SysWow64\lvcodec2.dll 2012-09-21 19:08 . 2012-09-21 19:08 338136 ----a-w- c:\windows\SysWow64\DevManagerCore.dll 2012-09-21 19:08 . 2012-09-21 19:08 338136 ----a-w- c:\windows\system32\DevManagerCore.dll 2012-09-21 19:08 . 2012-09-21 19:08 10919784 ----a-w- c:\windows\SysWow64\LogiDPP.dll 2012-09-21 19:08 . 2012-09-21 19:08 10919784 ----a-w- c:\windows\system32\LogiDPP.dll 2012-09-21 19:08 . 2012-09-21 19:08 103272 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe 2012-09-21 19:08 . 2012-09-21 19:08 103272 ----a-w- c:\windows\system32\LogiDPPApp.exe 2012-09-21 19:04 . 2012-09-21 19:04 768288 ----a-w- c:\windows\system32\LVUI64.dll 2012-09-21 19:04 . 2012-09-21 19:04 560416 ----a-w- c:\windows\system32\LVUIRC64.dll 2012-09-21 19:04 . 2012-09-21 19:04 262432 ----a-w- c:\windows\system32\lvco1351823.dll 2012-09-21 19:04 . 2012-09-21 19:04 175392 ----a-w- c:\windows\system32\lvcod64.dll 2012-09-21 19:04 . 2012-09-21 19:04 4763680 ----a-w- c:\windows\system32\drivers\lvuvc64.sys 2012-09-21 19:04 . 2012-09-21 19:04 351520 ----a-w- c:\windows\system32\drivers\lvrs64.sys 2012-09-21 18:48 . 2012-09-21 18:48 40758 ----a-w- c:\windows\system32\Repository.reg . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128] "cdloader"="c:\users\Christopher M\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136] "CTxfiHlp"="CTXFIHLP.EXE" [2011-08-22 25600] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux6"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R1 aswSnx;aswSnx; [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-20 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-20 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-22 202840] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-22 1417304] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-22 94808] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-11 1431888] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-08-24 15928] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-22 202840] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-22 1417304] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-22 94808] S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520] S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Christopher M\AppData\Local\Temp\tmp7973.tmp [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PBFILTER *NewlyCreated* - WINRING0_1_2_0 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 09:04] . 2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-22 04:12] . 2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-22 04:12] . 2012-12-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 76a2b802-cc41-43ae-8423-02b2f6171abf.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2012-12-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e5595383-4605-41e7-bc0d-68ec5783103b.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-10-10 57928] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?AF=108976&babsrc=HP_ss&mntrId=a4ec346500000000000000044b147913 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: magicjack.com\data Trusted Zone: magicjack.com\my Trusted Zone: talk4free.com Trusted Zone: talk4free.com\reg TCP: DhcpNameServer = 192.168.1.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - ExtSQL: 2012-11-20 05:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-11-20 05:03; elemhidehelper@adblockplus.org; c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\extensions\elemhidehelper@adblockplus.org.xpi FF - ExtSQL: 2012-11-20 05:03; customization@adblockplus.org; c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\extensions\customization@adblockplus.org.xpi FF - ExtSQL: 2012-11-20 05:03; adblockpopups@jessehakanen.net; c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\extensions\adblockpopups@jessehakanen.net.xpi FF - ExtSQL: 2012-11-20 05:03; {e10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\extensions\{e10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-11-20 05:04; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Christopher M\AppData\Roaming\Mozilla\Firefox\Profiles\p8np74xq.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF - ExtSQL: 2012-11-20 05:44; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2012-11-24 02:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - ExtSQL: !HIDDEN! 2012-11-24 02:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run- - (no file) SafeBoot-95657239.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0] "ImagePath"="\??\c:\users\Christopher M\AppData\Local\Temp\tmp7973.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3757987476-38994167-75903165-1001\Software\SecuROM\License information*] "datasecu"=hex:ef,9b,32,8c,33,cf,7f,28,7b,e7,62,31,8c,88,c8,91,00,02,4a,41,2c, 4b,41,f2,4c,f9,6c,84,11,b7,e9,92,c8,c3,db,25,c9,e0,20,15,d6,9d,db,50,4f,dd,\ "rkeysecu"=hex:95,12,24,7e,2b,a6,a3,93,7e,39,84,5c,1c,b0,6e,f8 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-17 16:31:53 ComboFix-quarantined-files.txt 2012-12-17 21:31 . Pre-Run: 244,062,056,448 bytes free Post-Run: 243,919,048,704 bytes free . - - End Of File - - E27B5A33802108079DF79B90D61DD5A9